Why Clawguard
OpenClaw is powerful, but that power attracts abuse.
Rising threats
Attackers hide risky commands, credential access, or data exfiltration inside seemingly harmless skills and plugins.
Supply chain risk
A single compromised dependency can turn a trusted install into a silent breach.
Fast mitigation
Clawguard flags known dangerous patterns and blocks high-risk runs before damage happens.
How it works
Static scanning plus guard mode to keep OpenClaw clean.
Scan
Searches for high-risk patterns like exec, eval, and sensitive path access.
Report
Generates text or JSON reports for review and audit history.
Guard
Blocks OpenClaw runs when high-risk findings are detected.
Protection layers
Continuous defense for new skills, system integrity, and critical nodes.
Dynamic watch
Detects new or changed skills/plugins and auto-scans on the fly.
Rule packs
Auto-updates detection rules and packs from the repo.
Integrity
Baselines OpenClaw and Clawguard to detect tampering.
System health
Checks sensitive paths like keys, sudoers, and shell profiles.
Install in minutes
Works on any machine that can run OpenClaw.
Manual install
git clone https://github.com/jiangmuran/clawguard.git cd clawguard npm install npm link
Quick run
clawguard scan --path ~/.openclaw clawguard guard -- openclaw gateway --port 18789
Security operations
Run these anytime for ongoing safety.
Watch and auto-scan
clawguard watch --path ~/.openclaw --auto-update
Integrity baseline
clawguard integrity init --openclaw clawguard integrity check --openclaw
Critical path check
clawguard health
Rules update
clawguard rules update
Stay current
Check updates, apply fixes, and share the install prompt.
Check updates
clawguard update --check
Apply updates
clawguard update --apply
Share prompt
clawguard share --format markdown